CVE-2024-47083

7.5 HIGH

📋 TL;DR

The Power Platform Terraform Provider versions before 3.0.0 expose service principal client_secret values in logs due to improper masking. This allows anyone with access to logs to steal authentication credentials. Organizations using affected versions for Power Platform infrastructure management are impacted.

💻 Affected Systems

Products:
  • Microsoft Power Platform Terraform Provider
Versions: All versions prior to 3.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects users who configured service principal authentication with client_secret and have logging enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full administrative access to Power Platform environments, enabling data theft, resource destruction, or lateral movement to connected systems.

🟠 Likely Case

Unauthorized users with log access obtain service principal credentials and perform unauthorized operations within Power Platform environments.

🟢 If Mitigated

With proper log access controls and credential rotation, impact is limited to credential exposure requiring rotation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to logs containing exposed credentials. No special tools needed beyond log access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.0

Vendor Advisory: https://github.com/microsoft/terraform-provider-power-platform/security/advisories/GHSA-7w3w-pjm5-m36c

Restart Required: No

Instructions:

1. Update Terraform configuration to use provider version >=3.0.0.
2. Run 'terraform init -upgrade'.
3. Apply configuration changes.

🔧 Temporary Workarounds

Disable persistent logging (platforms: all)

Prevent logs from being written to disk or external systems:

unset TF_LOG_PATH
export TF_LOG_PATH=

Use OIDC authentication (platforms: all)

Switch from client_secret to OpenID Connect authentication

🧯 If You Can't Patch

  • Immediately rotate all service principal client_secrets used with the affected provider
  • Disable TF_LOG_PATH environment variable and remove existing log files

🔍 How to Verify

Check if Vulnerable:

Check Terraform configuration for 'microsoft/power-platform' provider version <3.0.0

Check Version:

terraform version

Verify Fix Applied:

Confirm provider version is >=3.0.0 in .terraform.lock.hcl

📡 Detection & Monitoring

Log Indicators:

  • client_secret values in Terraform logs
  • Power Platform authentication logs showing unexpected service principal usage

Network Indicators:

  • Unusual API calls to Power Platform from unexpected locations

SIEM Query:

source="terraform.log" AND "client_secret"
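As an added example (not part of this advisory or the provider project), the POSIX shell script below does both the lock-file version check from "How to Verify" and the log scan behind the SIEM query above: it reports a .terraform.lock.hcl that pins microsoft/power-platform below 3.0.0 and counts log lines carrying an unmasked client_secret. The lock-file layout, the log line format and the mask markers (***, [REDACTED], [MASKED]) are assumptions, exercised on constructed sample input.

```shell
# Added example, not from the advisory or the provider project: checks whether a
# .terraform.lock.hcl pins microsoft/power-platform below the fixed 3.0.0 and
# counts Terraform log lines that still carry an unmasked client_secret value.

# Print the version pinned for microsoft/power-platform in a lock file, if any.
locked_provider_version() {
  awk '/^provider "registry.terraform.io\/microsoft\/power-platform"/ { inblk = 1 }
       inblk && $1 == "version" { gsub(/"/, "", $3); print $3; exit }' "$1"
}

# Succeed (exit 0) when the pinned version is below 3.0.0, i.e. still vulnerable.
lock_is_vulnerable() {
  ver=$(locked_provider_version "$1")
  [ -n "$ver" ] || return 1   # provider not in the lock file: not affected
  [ "${ver%%.*}" -lt 3 ]      # any major version below 3 predates the fix
}

# Count log lines where client_secret is followed by something other than a mask.
# The mask markers (***, [REDACTED], [MASKED]) are an assumption; adjust to your logger.
count_unmasked_secret_lines() {
  grep -i 'client_secret' "$1" \
    | grep -Eiv 'client_secret[^A-Za-z0-9]*(\*{3,}|\[?(REDACTED|MASKED)\]?)' \
    | wc -l | tr -d ' '
}

# Write a minimal constructed lock file pinning the given provider version.
write_lock_file() {
  printf 'provider "registry.terraform.io/microsoft/power-platform" {\n  version     = "%s"\n  constraints = "%s"\n  hashes = [\n    "h1:PLACEHOLDER",\n  ]\n}\n' "$2" "$2" > "$1"
}

SAMPLE_DIR=$(mktemp -d)
OLD_LOCK="$SAMPLE_DIR/old.terraform.lock.hcl"   # constructed: pre-fix pin
NEW_LOCK="$SAMPLE_DIR/new.terraform.lock.hcl"   # constructed: fixed pin
LOG_FILE="$SAMPLE_DIR/terraform.log"
write_lock_file "$OLD_LOCK" "2.7.0"
write_lock_file "$NEW_LOCK" "3.0.0"
# Constructed log lines; the secret on the third line is a fake placeholder.
cat > "$LOG_FILE" <<'EOF'
2024-01-01T00:00:00Z [DEBUG] provider config: tenant_id=00000000-0000-0000-0000-000000000000
2024-01-01T00:00:01Z [DEBUG] provider config: client_secret=***
2024-01-01T00:00:02Z [DEBUG] provider config: client_secret=fake-secret-value-do-not-use
2024-01-01T00:00:03Z [DEBUG] acquiring token with client_secret: [REDACTED]
EOF

for f in "$OLD_LOCK" "$NEW_LOCK"; do
  if lock_is_vulnerable "$f"; then echo "VULNERABLE: $f pins $(locked_provider_version "$f")"
  else echo "ok: $f pins $(locked_provider_version "$f")"; fi
done
echo "unmasked client_secret lines in $LOG_FILE: $(count_unmasked_secret_lines "$LOG_FILE")"
```

Point the two functions at your real .terraform.lock.hcl and the file named by TF_LOG_PATH instead of the constructed samples; a non-zero count means the log needs to be purged and the secret rotated.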
